I'd like to know if there's an easy fix for this error that I'm getting while trying to add support for Google sign-in to my website, since I can only reproduce it while on a Laravel-based environment. Vanilla PHP applications do run just fine.

This is my relevant code:

```php
if ($request->has('googleToken')) {
    $client = new Google_Client(['client_id' => env('GOOGLE_PLATFORM_CLIENT_ID')]);

    $payload = $client->verifyIdToken($credentials['googleToken']);

    if (!$payload) {
        return response(['error' => 'Invalid token, please try using form-based authentication.'], Response::HTTP_FAILED_DEPENDENCY);
    }

    $user['googleToken'] = $credentials['googleToken'];
}
```

I know I'm doing too relaxed validations, but please just focus on the fact that I'm just testing and I plan to change this code in the near future.

The code above receives its data through an Axios PUT request from the frontend, with the payload looking like this:

```js
{
    googleToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE5ZmUyYTdiNjc5NTIzOTYwNmNhMGE3NTA3OTRhN2JkOWZkOTU5NjEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiNTkyODkzNjE3ODYzLXRscDdvaDByaTk2dTZxZGxrOXYwbHAyanQyNDlkdDNsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiNTkyODkzNjE3ODYzLXRscDdvaDByaTk2dTZxZGxrOXYwbHAyanQyNDlkdDNsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTE1NTg0MDg0NTE2OTMxOTQzODU...",
    mailAddress: "user@mail.com"
}
```

The problem is that the payload would simply return false. I decided to try to investigate the issue, so I went to the definition of verifyIdToken contained within Google_Client and, from there, jumped over to the function that finally returns to its parent, which is verifyIdToken from the class Verify.

Inside of that class, there's a pretty loose try/catch block in which I decided to try adding a generic exception case so that I could quickly print the error message for debugging. I did, and this is the output I got:

```
OpenSSL unable to verify data: error:0909006C:PEM routines:get_name:no start line
```

This is what's failing internally, and from this point on, I don't really have an idea about how to proceed since the error feels very cryptic, or at least it's not in my field of knowledge.

facuarmo
  • I'd just use Socialite – brombeer Jun 19 '21 at 10:13
  • You don't need to edit library files to put in try/catch statements. You put those in your own code. The error suggests a corrupted certificate file is being used. – miken32 Jun 19 '21 at 15:54
  • Does this answer your question? [Error: error:0909006C:PEM routines:get\_name:no start line - node](https://stackoverflow.com/questions/63030755/error-error0909006cpem-routinesget-nameno-start-line-node) – miken32 Jun 19 '21 at 15:54
  • Hey there @brombeer, thank you for your comment. I didn't know about Socialite, I'll check it out as it might be my go-to solution instead. – facuarmo Jun 19 '21 at 18:42
  • Hello @miken32, I edited the library because Google purposely wrote a try/catch block that happens on the library level to block it from displaying exceptions (see https://github.com/googleapis/google-api-php-client/blob/master/src/AccessToken/Verify.php#L122). – facuarmo Jun 19 '21 at 18:45
  • And no, @miken32, this error isn't exactly handled in the same way as in the other question you pointed out, since the certs should be handled automatically by Google's API Client after passing the Client ID. – facuarmo Jun 19 '21 at 18:47
  • Ok editing the library makes more sense in that case; what kind of exception was being thrown? Which method triggered the exception? The most likely explanation is your PHP installation pointing to a corrupt local cert. Check output from `phpinfo()` and your corresponding `openssl` directives. – miken32 Jun 19 '21 at 19:23
  • Well @miken32, I went ahead and actually ran the whole thing on a fresh installation of PHP 7.4 CLI for Ubuntu on WSL2, so I highly doubt that's the case. Although the same happened on XAMPP running directly on Windows. The exception gets triggered right on the line I showed at that link, I added the generic `Exception` class catch case there. The exception gets triggered exactly at this point: https://github.com/googleapis/google-api-php-client/blob/master/src/AccessToken/Verify.php#L105 – facuarmo Jun 19 '21 at 19:26
  • That means `getPublicKey()` is throwing the exception; you'll need to trace it all the way back to find out where the actual problem is. You should be able to get a backtrace with the exception. – miken32 Jun 19 '21 at 20:17
  • @miken32, so I eventually resorted to the remote Google server call which does seem to work properly (https://www.googleapis.com/oauth2/v3/tokeninfo) passing the param `id_token` with the token I've gotten off the frontend. Hopefully a quick workaround comes along soon cause I don't think this is a proper/reliable way. – facuarmo Jun 19 '21 at 23:42

1 Answer

The OpenSSL error you quoted indicates that your client was not able to read any/further PEM-encoded data. Refer to https://www.openssl.org/docs/man1.1.1/man3/PEM_read.html.

```
OpenSSL unable to verify data: error:0909006C:PEM routines:get_name:no start line
```

Here,

  • 'PEM routines' represents the library within OpenSSL
  • 'get_name' is the function
  • 'no start line' is the reason

Is your client able to access the necessary certificates/keys?

  • Hello Arun. Yes, I understand that, afaik my client DOES actually have the data. I forced the library to print out the loaded key, and it's clearly there: `-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4D9be+o8MKZZYpr9Ggm qNFw/pH0a7jPDWG1zYMwFUVSDCY30WsBADGRkDWKKWTgVQ9vzZdjPh1WsffBMD71 ghn06Uhx8lCbxemM64N9VGBmlLN26aeu+zJAVblbEjnTh35r+LXD6TKdQcvm3CDv R3oTZ4j1x5G+Yil5JKevvbJ8Wu98VIqgTjx+RQf+EqTau9btxzCEzxw5LxD/De9t ... -----END PUBLIC KEY-----` – facuarmo Jun 19 '21 at 18:49
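
The answer's breakdown of the OpenSSL error string, together with the advice in the comments to catch the failure in your own code, as an added example that is not part of the original thread or of google-api-php-client. `parseOpenSslError` and `diagnosePublicKey` are hypothetical helper names, and the key pair is generated locally as constructed sample input.

```php
<?php
// Added example, not from the post or from google-api-php-client.

/** Split an OpenSSL error string into the fields the answer names. */
function parseOpenSslError(string $line): ?array
{
    if (!preg_match('/error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$/', $line, $m)) {
        return null;
    }
    $code = hexdec($m[1]);
    return [
        'library'  => $m[2],
        'function' => $m[3],
        'reason'   => $m[4],
        // OpenSSL 1.x layout (the format quoted on this page): 8-bit lib, 12-bit func, 12-bit reason.
        'lib_code'    => ($code >> 24) & 0xFF,
        'func_code'   => ($code >> 12) & 0xFFF,
        'reason_code' => $code & 0xFFF,
    ];
}

/** Load key material in your own code and return OpenSSL's queued errors. */
function diagnosePublicKey(string $material): array
{
    while (openssl_error_string() !== false); // drain stale errors from earlier calls
    $key = openssl_pkey_get_public($material);
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = parseOpenSslError($e) ?? ['raw' => $e];
    }
    return [
        'loaded'         => $key !== false,
        'has_begin_line' => preg_match('/^-----BEGIN [A-Z0-9 ]+-----\s*$/m', $material) === 1,
        'errors'         => $errors,
    ];
}

// Constructed sample input: a throwaway RSA key generated locally.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    exit('openssl_pkey_new failed: ' . openssl_error_string() . PHP_EOL);
}
$pem  = openssl_pkey_get_details($pair)['key'];
// The same key with its BEGIN/END lines stripped, standing in for damaged input.
$bare = trim(preg_replace('/^-----.*-----\s*$/m', '', $pem));
print_r(diagnosePublicKey($pem));
print_r(diagnosePublicKey($bare));
print_r(parseOpenSslError('error:0909006C:PEM routines:get_name:no start line'));
```

The exact strings in `errors` depend on the OpenSSL build PHP is linked against. A successful load may still leave entries in the queue from earlier parse attempts, so read `loaded` first.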